Add tenant-aware user-engine behavior

2026-05-22 21:28:40 +02:00
parent c1b02b8bba
commit 2f9272f39d
8 changed files with 533 additions and 20 deletions
--- a/docs/development.md
+++ b/docs/development.md
@@ -52,3 +52,12 @@ registration, catalog publication, profile writes, effective profile
 resolution, projections, audit inspection, and outbox inspection. The first
 store is `InMemoryUserEngineStore`, which carries an explicit schema version
 and migration hook so later database-backed stores have a contract to match.
+
+## Tenant Surface
+
+Tenant-aware operations resolve an explicit `TenantContext` before mutating
+tenant-scoped state. Tenant admins can operate inside their own tenant, while
+platform-root and cross-tenant operations require the `platform-operator`
+role. Tenant account state, memberships, tenant profile layers, authorization
+facts, audit records, outbox events, and diagnostics all carry the resolved
+tenant.